Privacy Notice
Last updated: April 2026 · Version 1.0
This notice explains how Stichting The Witness Protocol Foundation ("the Foundation", "we", "us") collects, uses, protects, and shares your personal data. It is written in plain language and complies with the EU General Data Protection Regulation (GDPR) and EDPB guidance.
1. Who We Are
Controller: Stichting The Witness Protocol Foundation
Jurisdiction: Amsterdam, The Netherlands
Contact: privacy@thewprotocol.online
We are a Dutch non-profit research foundation (stichting) registered under Dutch law. Our mission is to collect high-signal human moral testimony for AI alignment research. We do not sell data, operate advertising, or have commercial interests in your information.
2. Data We Collect and Why
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Email address | To distribute the Reviewer Packet and notify you of decisions | Consent (Art. 6(1)(a)) | Until you revoke consent or request deletion |
| Testimony text (Gate essay) | Core research data — moral reasoning analysis | Explicit consent (Art. 6(1)(a) + Art. 9(2)(a) for special-category data) | De-identified copy retained indefinitely; original deleted after processing |
| Inquisitor session transcripts | Structured extraction of moral reasoning | Explicit consent | De-identified version retained; raw transcript deleted upon consent revocation |
| Authentication data | Account security | Contract (Art. 6(1)(b)) — account creation | Until account deletion |
| Pseudonym | Persistent non-identifying label for research records | Legitimate interest (Art. 6(1)(f)) — research integrity | Retained until full consent revocation |
3. Special-Category Data
We process special-category personal data.
Your testimony may reveal — intentionally or inadvertently — information about your health, sexual orientation, political opinions, religious or philosophical beliefs, racial or ethnic origin, or trade union membership. Under GDPR Art. 9, this data requires explicit consent and heightened protection.
Legal basis: We process this data solely on the basis of your explicit, informed consent (Art. 9(2)(a)). Consent is granular: you may consent to internal research use without consenting to external sharing. You may revoke consent at any time — see Section 6.
Protection measures: Testimony undergoes automated PII de-identification before it enters our research database. Original text is never published. Identity is never re-linked to testimony in research outputs.
4. Third-Party AI Processing
Your testimony is processed by third-party AI systems.
The Gate vetting process uses AI language models to assess testimony quality and extract semantic tags. These models are accessed via OpenRouter (a US-based API gateway) and include models from Anthropic.
What is sent: We apply a local regex de-identification pass (removing emails, phone numbers, URLs, and dates) before any text is sent to these systems. For named PII (persons, institutions, locations), we use a "candidate isolation" technique — only the suspected PII tokens are sent for classification, not the full testimony text.
Sub-processors: OpenRouter (sub-processor) routes requests to Anthropic. Both operate under standard commercial API terms. Cross-border transfers to the USA are made under Anthropic's and OpenRouter's standard contractual clauses and privacy policies.
Your rights: If you object to AI processing of your testimony, contact us at privacy@thewprotocol.online. Note that AI processing is currently a core part of our vetting pipeline; opting out may mean we cannot process your submission.
5. How We Protect Your Data
We operate a three-layer privacy architecture:
Identity Vault
Your email, authentication credentials, and pseudonym. Stored encrypted, access-controlled, never shared.
De-identified Corpus
Your testimony text after PII stripping and human annotation. Your identity is not associated with this layer. This is the research data.
Published Archive (future)
Curated, consented-for-publication excerpts. Only with your additional explicit opt-in. Does not exist yet.
All data is stored in Supabase (PostgreSQL) with row-level security policies. The platform is hosted on Vercel (EU edge nodes where possible). All database mutations are logged immutably to an audit trail.
6. Your Rights Under GDPR
You have the following rights regarding your personal data. To exercise any of them, contact privacy@thewprotocol.online. We will respond within 30 days.
Access (Art. 15)
Request a copy of all personal data we hold about you, including your testimony, pseudonym, and audit log entries.
Rectification (Art. 16)
Request correction of inaccurate personal data we hold.
Erasure / Revocation (Art. 17 + consent withdrawal)
Request deletion of all your data. This cascades: your email, account, testimony text, annotations, and Inquisitor session transcripts are permanently deleted. De-identified research data that cannot be re-linked to you may be retained.
Restriction (Art. 18)
Request that we restrict processing while a dispute is under review.
Portability (Art. 20)
Request a machine-readable export of your personal data (testimony, session history, annotation tags applied to your record).
Objection (Art. 21)
Object to processing based on legitimate interest. Note: some processing is necessary for the research mission.
Lodging a complaint
You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
7. Cookies and Session Data
We use only essential cookies: authentication session tokens set by Supabase Auth. We do not use advertising cookies, tracking pixels, or third-party analytics beyond Sentry (error monitoring). Sentry is configured to scrub PII from error reports.
8. Changes to This Notice
We will update this notice when our data practices change. Material changes will be announced to registered witnesses by email. The version date at the top of this page indicates when it was last revised.
Privacy Notice v1.0 · April 2026 · Stichting The Witness Protocol Foundation
Questions? privacy@thewprotocol.online